UC San Diego computer scientists discovered that the state-of-the-art systems that are used to detect deepfakes can be tricked. A deepfake is when a video of a person has been digitally altered in order to make them appear to be someone else or say something that they never actually said. Typically, deepfakes are used maliciously or to disseminate fake news.
The US Department of State as well as tech giants like Facebook and Microsoft have developed detectors for deepfakes. However, the research team showed that when you insert inputs called “adversarial examples” into each frame? The adversarial examples force the detectors to make a mistake, so it can’t recognize indicators of deepfakes like a lack of blinking. Also, it is a relatively simple way of tricking the detector, so even deepfake creators who don’t have access to the detector model can use it.
The researchers recommend that creators of the detectors fix this problem by using deepfake adversarial learning. This means when they teach the detector to find the deepfakes more effectively by feeding it deepfakes that use the adversarial example trick.
You can find the full study here.
Emma Suleiman
